rhadamanthys | d0313163bca71a49c6714dbb00fbdb795d455d04d156e50e424c2adedc1437d0

Resubmissions

27-11-2024 09:58

241127-lzvhasvqek 10

04-06-2023 06:36

230604-hdan8abh9s 10

Sharing

Copy URL

Twitter E-mail

General

Target

d0313163bca71a49c6714dbb00fbdb795d455d04d156e50e424c2adedc1437d0
Size

444KB
MD5

b76f5c48eba8424f23d9a8dcfd2068ac
SHA1

630280826caaeb26042aac416de5cb638bb1086c
SHA256

d0313163bca71a49c6714dbb00fbdb795d455d04d156e50e424c2adedc1437d0
SHA512

ddfd62ee99dfa138fd2ae4d2d0c272cc99f7f7d8dfde1de027ef34e1558a92ed045ec76f3f5b3417d0ff80cb0478328c6cff9c6ea8ce588cf1a64fa7e1271e3e
SSDEEP

6144:IjKvnAzRPqkroWkScrTIhB1uA2dOJhhgWbMbitWGFNuldsfiy3NiGA:Ijzgk0TSoIuA6ahE+F0/y36

Score

10^/10

rhadamanthys

Malware Config

Extracted

Family

rhadamanthys

https://141.98.6.78:2205/a395d5716e6cc/mope1.api

Signatures

Rhadamanthys family
rhadamanthys

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
d0313163bca71a49c6714dbb00fbdb795d455d04d156e50e424c2adedc1437d0

Files

d0313163bca71a49c6714dbb00fbdb795d455d04d156e50e424c2adedc1437d0
.exe windows:4 windows x86 arch:x86

c304949191802a43e7e86d8fe3dcaf65

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemInfo
HeapCreate
VirtualQuery
OutputDebugStringA
WaitForSingleObject
HeapDestroy
CreateEventW
ExitProcess
WideCharToMultiByte
OutputDebugStringW
CreateFileW
ReadFile
CloseHandle
GetCurrentProcess
MultiByteToWideChar
GetModuleHandleW
InterlockedIncrement
GetModuleFileNameW
lstrlenW
HeapFree
MulDiv
GetProcessHeap
HeapAlloc
VirtualProtect
HeapSize
GetSystemTimeAsFileTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
TlsAlloc
SetLastError
GetCurrentThreadId
GetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
TerminateProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId

user32

ReleaseDC
GetDC
GetSystemMetrics

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

gdi32

CreatePen
CloseMetaFile
CreatePolygonRgn
Pie
Chord
RealizePalette
GetCharacterPlacementW
GetObjectW
DPtoLP
StartDocW
RectVisible
GetStockObject
SaveDC
GetTextMetricsA
EndPath
GetNearestColor
CreatePenIndirect
CreateHalftonePalette
GetDIBColorTable
PolyBezier
SetWinMetaFileBits
FillRgn
RectInRegion
CreateFontIndirectW
ExtFloodFill
PtInRegion
GetBitmapBits
GetDeviceCaps
CopyEnhMetaFileW
GetEnhMetaFileHeader
SetRectRgn
StartPage
CreatePatternBrush
EndPage
EqualRgn
TextOutW
Rectangle
SetStretchBltMode
GetWorldTransform
GetDIBits
BeginPath
SetAbortProc
StretchBlt
GetROP2
SetWorldTransform
CreateDIBitmap
CreatePalette
GetViewportOrgEx
GetClipBox
ExtCreateRegion
SetMetaFileBitsEx
SetBkMode
CombineTransform
DeleteObject
SelectObject
Polyline
CreateFontIndirectA
SelectPalette
SetTextJustification
CreateBrushIndirect
SetTextColor
GetBkMode
MoveToEx
AbortDoc
GetSystemPaletteEntries
SetMapMode
CreateEnhMetaFileW
CombineRgn
SetWindowExtEx
GetTextMetricsW
GetEnhMetaFilePaletteEntries
GetMapMode
SetEnhMetaFileBits
EnumFontsW
AngleArc
RoundRect
RestoreDC
LineTo
ModifyWorldTransform
SetBkColor
ExtSelectClipRgn
SetViewportOrgEx
CreateBitmap
GetCurrentObject
GetEnhMetaFileDescriptionW
FrameRgn
PatBlt
CreateDIBSection
CreateCompatibleBitmap
CreateSolidBrush
PlayEnhMetaFile
GetEnhMetaFileBits
SetROP2
SetDIBits
GetBkColor
PathToRegion
DeleteMetaFile
GetTextExtentExPointW
ExcludeClipRect
DeleteDC
CreateDCW
GetWinMetaFileBits
SetWindowOrgEx
CreateRectRgn
GetStretchBltMode
GetTextColor
CreateICW
CreateRectRgnIndirect
DeleteEnhMetaFile
GetObjectType
GetTextExtentPoint32W
CreateMetaFileW
SelectClipRgn
FillPath
CloseEnhMetaFile
EndDoc
SetDIBColorTable
UnrealizeObject
ExtCreatePen
LPtoDP
MaskBlt
CreateEllipticRgn
GetClipRgn
GetRgnBox
GetWindowOrgEx
BitBlt
PolyBezierTo
Polygon
PtVisible
ResizePalette
Ellipse
ArcTo
SetGraphicsMode
IntersectClipRect
Arc
OffsetRgn
GetRandomRgn

winmm

timeGetTime
sndPlaySoundW

msimg32

GradientFill

Sections

.text
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 324KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

c304949191802a43e7e86d8fe3dcaf65

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

winmm

msimg32

Sections

.text Size: 104KB - Virtual size: 102KB

.rdata Size: 324KB - Virtual size: 323KB

.data Size: 4KB - Virtual size: 5KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 104KB - Virtual size: 102KB

.rdata
Size: 324KB - Virtual size: 323KB

.data
Size: 4KB - Virtual size: 5KB

.reloc
Size: 8KB - Virtual size: 5KB